Windows Failing to Start [Closed]



#1
FXRStuarty

Since yesterday I have experienced a very slow laptop. I shut down and restarted but then Windows (7) failed to start. I forced a shut down (press and hold on/off button) and when it did eventually start I ran a Kaspersky Anti-Virus overnight but, after 7 hours, it hadn't completed. According to the screen it had read approx 280,000 items (files?) and had 24 minutes to go. I waited a further 10 minutes and the time was still 24 minutes to completion and the items read had not changed.

I again forced a shut down. The laptop tried to repair the problem but without success.

This evening I managed to start the laptop.

The computer regularly freezes (Not Responding). As a result I have had to restart my laptop just writing this.

I tried to run a Malwarebytes but the laptop stopped responding. I will retry a Malwarebytes run.

Grateful for any help offered.

Edited by FXRStuarty, 04 December 2013 - 11:03 AM.



#2
Dakeyras


Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Next:

Regarding this you mentioned:-

"I will retry a Malwarebytes run."

Best to leave that for the time being and let's try working outside of the Windows Environment as follows...

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to a Flash/USB drive.

Then insert the Flash/USB drive into your machine....

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste the contents of the aforementioned notepad file into your next reply.
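
A way to triage the FRST.txt log that the steps above produce, as an added example that is not part of the original thread and not FRST's own code: it reads the Run, startup-shortcut and Services/Drivers lines and flags entries worth a closer look. The three heuristics (no size/date/company metadata on the line, no image path, image under a temp directory) and the names `triage` and `Finding` are assumptions made for illustration; a flag means "review this entry", not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the line layout of an FRST.txt Registry/Services
# section; every name and path below is made up for illustration.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TouchpadHelper] - C:\Program Files\Vendor\Touchpad\helper.exe [2741544 2011-04-07] (Example Vendor Inc.)
HKLM\...\Run: [HotKeys] - C:\windows\system32\hotkeys.exe [ ] ()
HKLM-x32\...\Run: [updater daemon] - C:\Program Files (x86)\ExampleApp\DaemonProcess.exe
HKLM-x32\...\Run: [agent_exe] - "C:\Program Files\Example\Agent\agent.exe" /runkey
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sync.lnk
ShortcutTarget: Sync.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 ExampleAV; C:\Program Files (x86)\Example AV\av.exe [214512 2013-10-09] (Example AV Ltd)
S2 0123cleanup; C:\windows\TEMP\012345~1.EXE [834664 2013-07-30] (Example AV Ltd)
S2 OrphanService;
"""

HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^HK[\w-]+\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<rest>.+)$")
SERVICE_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+);\s*(?P<rest>.*)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?) -> \(No File\)$")
# Trailing "[size yyyy-mm-dd] (company)" block that follows a resolved file.
META_RE = re.compile(r"\s\[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)$")
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    reason: str


def check_image(section, name, rest, out):
    """Apply the (assumed) heuristics to one 'path [size date] (company)' tail."""
    if not rest:
        out.append(Finding(section, name, "no image path recorded"))
        return
    meta = META_RE.search(rest)
    path = rest[:meta.start()] if meta else rest
    if not meta:
        out.append(Finding(section, name, "no size/date/company recorded"))
    if TEMP_RE.search(path):
        out.append(Finding(section, name, "image path is in a temp directory"))


def triage(log_text):
    """Return the entries of an FRST-style log that deserve manual review."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # "Services (Whitelisted)" -> "Services"
            section = header.group(1).split()[0]
            continue
        run = RUN_RE.match(line)
        if run:
            check_image("Run", run["name"], run["rest"], findings)
            continue
        shortcut = SHORTCUT_RE.match(line)
        if shortcut:
            findings.append(
                Finding("Startup", shortcut["name"], "shortcut target missing"))
            continue
        # Service/driver lines are only trusted inside their own sections.
        if section in ("Services", "Drivers"):
            svc = SERVICE_RE.match(line)
            if svc:
                check_image(section, svc["name"], svc["rest"], findings)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:9} {f.name:16} {f.reason}")
```
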


#3
FXRStuarty

Dakeyras,

Thank you for your response and your offer of assistance.

As an update I wish to advise that my laptop has now been reset to factory settings. I do hope this doesn't complicate matters, however the problems I have explained in my OP remain.

I have followed your instructions and the FRST.txt file is pasted below.

Thanks again for your help.



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-12-2013
Ran by SYSTEM on MININT-80MRHB5 on 06-12-2013 00:33:17
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-08-22] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2011-08-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [5908928 2011-08-22] (Lenovo(beijing) Limited)
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] - C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-08-22] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [MaxMenuMgr] - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
Startup: C:\Users\sw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 0214981386233441mcinstcleanup; C:\windows\TEMP\021498~1.EXE [834664 2013-07-30] (McAfee, Inc.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-09] (Kaspersky Lab ZAO)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-05] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [623200 2013-12-05] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-09] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-14] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S3 BcmSqlStartupSvc;
S2 CLKMSVC10_3A60B698;
S2 CLKMSVC10_C3B3B687;
S2 DriverService;
S2 iATAgentService;
S2 idealife Update Service;
S3 IGRS;
S2 IviRegMgr;
S2 nvUpdatusService;
S2 Oasis2Service;
S2 PCCarerService;
S2 ReadyComm.DirectRouter;
S2 RichVideo;
S2 RtLedService;
S2 SeaPort;
S2 SoftwareService;
S3 SQLWriter;
S2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-06 00:32 - 2013-12-06 00:32 - 00000000 ____D C:\FRST
2013-12-05 16:15 - 2013-12-05 16:15 - 01925140 _____ (Farbar) C:\Users\sw\Downloads\FRST64.exe
2013-12-05 16:06 - 2013-12-05 16:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-05 16:06 - 2013-12-05 16:06 - 00001089 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2013-12-05 16:06 - 2013-12-05 16:06 - 00000000 ____D C:\Windows\ELAMBKUP
2013-12-05 16:06 - 2013-12-05 16:06 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-05 16:06 - 2013-05-06 01:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\System32\klfphc.dll
2013-12-05 16:05 - 2013-12-05 16:13 - 00623200 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-12-05 16:05 - 2013-06-08 12:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-12-05 15:48 - 2013-12-05 15:48 - 00000000 ___HD C:\kleaner.tmp
2013-12-05 15:41 - 2013-12-05 15:42 - 242280400 _____ (Kaspersky Lab) C:\Users\sw\Downloads\kav14.0.0.4651en-gb.exe
2013-12-05 00:32 - 2013-12-05 00:32 - 00266288 _____ C:\Windows\Minidump\120513-66924-01.dmp
2013-12-05 00:32 - 2013-12-05 00:32 - 00000000 ____D C:\Windows\Minidump
2013-12-05 00:31 - 2013-12-05 00:31 - 567361206 _____ C:\Windows\MEMORY.DMP
2013-12-05 00:02 - 2013-12-05 00:12 - 00011283 _____ C:\Windows\IE10_main.log
2013-12-04 19:19 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-12-04 19:18 - 2011-11-19 06:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2013-12-04 19:18 - 2011-11-19 06:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2013-12-04 14:14 - 2013-12-04 14:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-12-04 14:14 - 2013-12-04 14:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-12-04 14:13 - 2013-12-04 14:13 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-12-04 14:12 - 2013-12-04 14:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-12-04 14:11 - 2013-12-04 14:11 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-04 14:11 - 2013-12-04 14:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-12-04 14:10 - 2013-12-04 14:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-04 14:10 - 2013-12-04 14:10 - 00000000 __RHD C:\MSOCache
2013-12-04 14:10 - 2013-12-04 14:10 - 00000000 ____D C:\Users\sw\AppData\Local\Microsoft Help
2013-12-04 12:49 - 2013-12-04 12:49 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-04 12:49 - 2013-12-04 12:49 - 00000000 ____D C:\Users\sw\AppData\Roaming\Malwarebytes
2013-12-04 12:49 - 2013-12-04 12:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-04 12:49 - 2013-12-04 12:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-04 12:49 - 2013-04-04 06:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-12-04 12:48 - 2013-12-04 12:49 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\sw\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-04 11:33 - 2013-12-04 11:33 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-04 11:32 - 2013-12-04 11:33 - 00000000 ____D C:\ProgramData\Adobe
2013-12-04 11:32 - 2013-12-04 11:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-04 11:24 - 2013-12-04 11:24 - 00001033 _____ C:\Users\sw\Desktop\Dropbox.lnk
2013-12-04 11:22 - 2013-12-05 16:27 - 00000000 ____D C:\Users\sw\AppData\Roaming\Dropbox
2013-12-04 11:21 - 2013-12-05 16:27 - 00000000 ___RD C:\Users\sw\Dropbox
2013-12-04 11:21 - 2013-12-04 11:21 - 00000000 ____D C:\Users\sw\Documents\Healthy Eating
2013-12-04 11:21 - 2013-12-04 11:21 - 00000000 ____D C:\Users\sw\Documents\Grievance
2013-12-04 11:21 - 2013-12-04 11:21 - 00000000 ____D C:\Users\sw\Documents\Garmin Speed Camera Download
2013-12-04 11:20 - 2013-12-04 11:21 - 00000000 ____D C:\Users\sw\Documents\Gairloch Trip
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Youcam
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Words
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Sony Ericsson
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Songs
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Flat Rent
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Family Tree Info
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\CV
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\College
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Bikes
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\220913
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\12-10-2013
2013-12-04 11:20 - 2013-12-02 07:39 - 00027744 _____ C:\Users\sw\Documents\Outgoings August 13.xlsx
2013-12-04 11:20 - 2013-11-20 07:54 - 00262144 ____T C:\Users\sw\Documents\SW TEST.prn
2013-12-04 11:20 - 2013-11-10 13:38 - 00082657 _____ C:\Users\sw\Documents\Cris.xlsx
2013-12-04 11:20 - 2013-10-20 11:07 - 00000000 ____D C:\Users\sw\Documents\18-10-2013
2013-12-04 11:20 - 2013-09-22 10:44 - 00000000 ____D C:\Users\sw\Documents\Scenic Road to Newcastle
2013-12-04 11:20 - 2013-05-21 07:05 - 00056320 _____ C:\Users\sw\Documents\NUFC Player Stats 2012-2013.xls
2013-12-04 11:20 - 2012-12-08 14:25 - 00166922 _____ C:\Users\sw\Documents\Content Building Ins Swinton 2012-2013 - Conf Email.htm
2013-12-04 11:20 - 2012-12-05 10:22 - 00030508 _____ C:\Users\sw\Documents\Flexi Record.xlsx
2013-12-04 11:20 - 2012-08-11 09:09 - 00011608 _____ C:\Users\sw\Documents\Footie Fixtures.xlsx
2013-12-04 11:20 - 2010-11-16 12:01 - 00011544 _____ C:\Users\sw\Documents\Shopping List.xlsx
2013-12-04 11:20 - 2010-02-26 13:14 - 00010269 _____ C:\Users\sw\Documents\Annual Utilities Use in Kwh.xlsx
2013-12-04 11:20 - 2010-01-12 11:55 - 00000765 _____ C:\Users\sw\Documents\My Sharing Folders.lnk
2013-12-04 11:20 - 2009-09-14 09:58 - 00000638 _____ C:\Users\sw\Documents\Glesga Love.txt
2013-12-04 11:20 - 2009-07-30 06:39 - 00016896 _____ C:\Users\sw\Documents\Utilities Usage.xls
2013-12-04 11:20 - 2009-07-26 02:30 - 00001115 _____ C:\Users\sw\Documents\Grand Tour Garmin.gdb
2013-12-04 11:20 - 2008-12-28 07:10 - 00053760 _____ C:\Users\sw\Documents\Charades.xls
2013-12-04 11:19 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Riders Club
2013-12-04 11:19 - 2013-12-04 11:19 - 00000000 ____D C:\Users\sw\Documents\Recipes
2013-12-04 11:19 - 2013-12-04 11:19 - 00000000 ____D C:\Users\sw\Documents\Phone Backup Card
2013-12-04 11:18 - 2013-12-04 11:19 - 00000000 ____D C:\Users\sw\Documents\Phone backup
2013-12-04 11:18 - 2013-12-04 11:18 - 00000000 ____D C:\Users\sw\Documents\PDF Conversions
2013-12-04 11:18 - 2013-12-04 11:18 - 00000000 ____D C:\Users\sw\Documents\Overpayment
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Outlook Files
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\My Received Files
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Music Rip
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\MC Parking
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Insurances
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Image Converter Plus
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Icon
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Holiday 2010
2013-12-04 11:17 - 2013-09-22 10:43 - 00000000 ____D C:\Users\sw\Documents\Media Go
2013-12-04 11:08 - 2013-12-04 11:08 - 00000000 ____D C:\Program Files (x86)\Foolish IT
2013-12-04 11:04 - 2013-12-04 11:04 - 00002148 _____ C:\Users\Public\Desktop\Seagate Manager.lnk
2013-12-04 11:04 - 2013-12-04 11:04 - 00000000 ____D C:\ProgramData\Seagate
2013-12-04 11:04 - 2013-12-04 11:04 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-12-04 11:01 - 2013-12-04 11:03 - 29284640 _____ (Seagate ) C:\Users\sw\Downloads\Seagate_Manager.exe
2013-12-04 10:59 - 2013-12-04 10:59 - 00000000 ____D C:\Users\sw\AppData\Local\Macromedia
2013-12-04 10:58 - 2013-12-04 10:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-04 10:58 - 2013-12-04 10:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-04 10:58 - 2013-12-04 10:58 - 00000000 ____D C:\Windows\System32\Macromed
2013-12-04 10:57 - 2013-12-04 11:33 - 00000000 ____D C:\Users\sw\AppData\Local\Adobe
2013-12-04 10:46 - 2013-12-04 10:46 - 02013672 _____ (Driver Manager) C:\Users\sw\Downloads\DriverManager.exe
2013-12-04 10:39 - 2013-12-05 15:41 - 00000000 ____D C:\Users\sw\AppData\Local\Mozilla
2013-12-04 10:39 - 2013-12-04 10:39 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-04 10:39 - 2013-12-04 10:39 - 00000000 ____D C:\Users\sw\AppData\Roaming\Mozilla
2013-12-04 10:39 - 2013-12-04 10:39 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-04 10:39 - 2013-12-04 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-04 10:39 - 2013-12-04 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-04 10:33 - 2013-12-05 15:45 - 00000000 ____D C:\users\wangzhisong
2013-12-04 10:33 - 2013-12-05 15:34 - 00000280 _____ C:\Windows\Tasks\UpdaterEX.job
2013-12-04 10:33 - 2013-12-04 10:34 - 00000000 ____D C:\Users\sw\AppData\Local\Mobogenie
2013-12-04 10:33 - 2013-12-04 10:34 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-04 10:33 - 2013-12-04 10:33 - 00003380 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-12-04 10:33 - 2013-12-04 10:33 - 00003208 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-12-04 10:33 - 2013-12-04 10:33 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-04 10:33 - 2013-12-04 10:33 - 00000000 ____D C:\Users\sw\AppData\Roaming\UpdaterEX
2013-12-04 10:33 - 2013-12-04 10:33 - 00000000 ____D C:\Users\sw\AppData\Local\cache
2013-12-04 10:33 - 2013-12-04 10:33 - 00000000 _____ C:\Users\sw\daemonprocess.txt
2013-12-04 10:32 - 2013-12-04 10:32 - 23288584 _____ (Mozilla) C:\Users\sw\Downloads\Firefox_Setup [1].exe
2013-12-04 10:32 - 2013-12-04 10:32 - 00000000 ____D C:\Users\sw\AppData\Local\Wajam
2013-12-04 10:31 - 2013-12-04 10:31 - 00000000 ____D C:\Users\sw\AppData\Roaming\Adobe
2013-12-04 10:28 - 2012-02-16 22:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2013-12-04 10:28 - 2012-02-16 21:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-12-04 10:28 - 2012-02-16 20:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-12-04 10:28 - 2012-02-16 20:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2013-12-04 10:22 - 2013-12-04 11:03 - 00000000 ____D C:\Users\sw\AppData\Local\Downloaded Installations
2013-12-04 10:22 - 2013-12-04 10:22 - 00000000 __SHD C:\Windows\ftpcache
2013-12-04 10:22 - 2013-12-04 10:22 - 00000000 ____D C:\Users\sw\AppData\Roaming\Macromedia
2013-12-04 10:22 - 2012-06-02 14:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-12-04 10:22 - 2012-06-02 14:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-12-04 10:22 - 2012-06-02 14:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-12-04 10:22 - 2012-06-02 14:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-12-04 10:22 - 2012-06-02 14:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-12-04 10:22 - 2012-06-02 14:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-12-04 10:22 - 2012-06-02 14:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-12-04 10:22 - 2012-06-02 07:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-12-04 10:22 - 2012-06-02 07:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-12-04 10:15 - 2013-12-04 10:31 - 00000000 ____D C:\Users\sw\AppData\Local\Google
2013-12-04 10:14 - 2013-12-04 10:14 - 00000000 ____D C:\Users\sw\AppData\Roaming\Intel Corporation
2013-12-04 10:13 - 2013-12-05 00:44 - 00111648 _____ C:\Users\sw\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-04 10:13 - 2013-12-04 10:13 - 00000000 ____D C:\Users\sw\AppData\Local\VirtualStore
2013-12-04 10:12 - 2013-12-04 11:21 - 00000000 ____D C:\users\sw
2013-12-04 10:12 - 2013-12-04 10:14 - 00002086 _____ C:\Users\sw\Desktop\OneKey Recovery.lnk
2013-12-04 10:12 - 2013-12-04 10:14 - 00001122 _____ C:\Users\sw\Desktop\Cyberlink Power2Go.lnk
2013-12-04 10:12 - 2013-12-04 10:12 - 00000020 ___SH C:\Users\sw\ntuser.ini
2013-12-04 10:12 - 2010-12-18 21:31 - 00000189 _____ C:\Users\sw\Desktop\Lenovo Telephony Start Now.url
2013-12-04 10:10 - 2013-12-04 10:10 - 00000000 __SHD C:\Recovery

==================== One Month Modified Files and Folders =======

2013-12-06 00:32 - 2013-12-06 00:32 - 00000000 ____D C:\FRST
2013-12-05 16:27 - 2013-12-05 16:06 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-05 16:27 - 2013-12-04 11:22 - 00000000 ____D C:\Users\sw\AppData\Roaming\Dropbox
2013-12-05 16:27 - 2013-12-04 11:21 - 00000000 ___RD C:\Users\sw\Dropbox
2013-12-05 16:27 - 2011-08-22 16:41 - 00395881 _____ C:\Windows\System32\fastboot.set
2013-12-05 16:27 - 2011-08-22 16:34 - 00036117 _____ C:\FaceProv.log
2013-12-05 16:27 - 2011-08-22 16:34 - 00000000 ____D C:\ProgramData\VeriFace
2013-12-05 16:26 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-05 16:26 - 2009-07-13 20:51 - 00035853 _____ C:\Windows\setupact.log
2013-12-05 16:23 - 2010-11-20 19:47 - 00069088 _____ C:\Windows\PFRO.log
2013-12-05 16:22 - 2011-08-22 15:56 - 01226424 _____ C:\Windows\WindowsUpdate.log
2013-12-05 16:17 - 2009-07-13 21:13 - 00726316 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-05 16:15 - 2013-12-05 16:15 - 01925140 _____ (Farbar) C:\Users\sw\Downloads\FRST64.exe
2013-12-05 16:13 - 2013-12-05 16:05 - 00623200 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-12-05 16:13 - 2013-10-09 03:46 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kl1.sys
2013-12-05 16:06 - 2013-12-05 16:06 - 00001089 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2013-12-05 16:06 - 2013-12-05 16:06 - 00000000 ____D C:\Windows\ELAMBKUP
2013-12-05 16:06 - 2013-12-05 16:06 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-12-05 15:58 - 2009-07-13 20:45 - 00021072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:58 - 2009-07-13 20:45 - 00021072 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:50 - 2011-08-22 16:27 - 00000000 ____D C:\Program Files\Common Files\mcafee
2013-12-05 15:48 - 2013-12-05 15:48 - 00000000 ___HD C:\kleaner.tmp
2013-12-05 15:46 - 2011-08-22 16:27 - 00000000 ____D C:\Program Files\mcafee
2013-12-05 15:45 - 2013-12-04 10:33 - 00000000 ____D C:\users\wangzhisong
2013-12-05 15:42 - 2013-12-05 15:41 - 242280400 _____ (Kaspersky Lab) C:\Users\sw\Downloads\kav14.0.0.4651en-gb.exe
2013-12-05 15:41 - 2013-12-04 10:39 - 00000000 ____D C:\Users\sw\AppData\Local\Mozilla
2013-12-05 15:34 - 2013-12-04 10:33 - 00000280 _____ C:\Windows\Tasks\UpdaterEX.job
2013-12-05 00:44 - 2013-12-04 10:13 - 00111648 _____ C:\Users\sw\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 00:36 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-05 00:36 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-05 00:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-05 00:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-12-05 00:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-12-05 00:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-12-05 00:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-12-05 00:33 - 2011-02-22 03:42 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-05 00:32 - 2013-12-05 00:32 - 00266288 _____ C:\Windows\Minidump\120513-66924-01.dmp
2013-12-05 00:32 - 2013-12-05 00:32 - 00000000 ____D C:\Windows\Minidump
2013-12-05 00:32 - 2011-08-22 16:27 - 00000000 ____D C:\ProgramData\McAfee
2013-12-05 00:32 - 2009-07-13 20:45 - 00427816 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-05 00:31 - 2013-12-05 00:31 - 567361206 _____ C:\Windows\MEMORY.DMP
2013-12-05 00:12 - 2013-12-05 00:02 - 00011283 _____ C:\Windows\IE10_main.log
2013-12-04 14:18 - 2013-12-04 14:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-04 14:15 - 2011-02-22 03:42 - 00000000 ____D C:\Windows\ShellNew
2013-12-04 14:15 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-12-04 14:14 - 2013-12-04 14:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-12-04 14:14 - 2013-12-04 14:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-12-04 14:14 - 2011-08-22 16:39 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-12-04 14:14 - 2011-08-22 16:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-04 14:13 - 2013-12-04 14:13 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-12-04 14:12 - 2013-12-04 14:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-12-04 14:12 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-04 14:11 - 2013-12-04 14:11 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-04 14:11 - 2013-12-04 14:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-12-04 14:11 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2013-12-04 14:10 - 2013-12-04 14:10 - 00000000 __RHD C:\MSOCache
2013-12-04 14:10 - 2013-12-04 14:10 - 00000000 ____D C:\Users\sw\AppData\Local\Microsoft Help
2013-12-04 13:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-04 12:49 - 2013-12-04 12:49 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-04 12:49 - 2013-12-04 12:49 - 00000000 ____D C:\Users\sw\AppData\Roaming\Malwarebytes
2013-12-04 12:49 - 2013-12-04 12:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-04 12:49 - 2013-12-04 12:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-04 12:49 - 2013-12-04 12:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\sw\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-04 11:33 - 2013-12-04 11:33 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-04 11:33 - 2013-12-04 11:32 - 00000000 ____D C:\ProgramData\Adobe
2013-12-04 11:33 - 2013-12-04 10:57 - 00000000 ____D C:\Users\sw\AppData\Local\Adobe
2013-12-04 11:32 - 2013-12-04 11:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-04 11:24 - 2013-12-04 11:24 - 00001033 _____ C:\Users\sw\Desktop\Dropbox.lnk
2013-12-04 11:21 - 2013-12-04 11:21 - 00000000 ____D C:\Users\sw\Documents\Healthy Eating
2013-12-04 11:21 - 2013-12-04 11:21 - 00000000 ____D C:\Users\sw\Documents\Grievance
2013-12-04 11:21 - 2013-12-04 11:21 - 00000000 ____D C:\Users\sw\Documents\Garmin Speed Camera Download
2013-12-04 11:21 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Gairloch Trip
2013-12-04 11:21 - 2013-12-04 10:12 - 00000000 ____D C:\users\sw
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Youcam
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Words
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Sony Ericsson
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Songs
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Flat Rent
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Family Tree Info
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\CV
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\College
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\Bikes
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\220913
2013-12-04 11:20 - 2013-12-04 11:20 - 00000000 ____D C:\Users\sw\Documents\12-10-2013
2013-12-04 11:20 - 2013-12-04 11:19 - 00000000 ____D C:\Users\sw\Documents\Riders Club
2013-12-04 11:20 - 2011-08-22 16:26 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-04 11:19 - 2013-12-04 11:19 - 00000000 ____D C:\Users\sw\Documents\Recipes
2013-12-04 11:19 - 2013-12-04 11:19 - 00000000 ____D C:\Users\sw\Documents\Phone Backup Card
2013-12-04 11:19 - 2013-12-04 11:18 - 00000000 ____D C:\Users\sw\Documents\Phone backup
2013-12-04 11:18 - 2013-12-04 11:18 - 00000000 ____D C:\Users\sw\Documents\PDF Conversions
2013-12-04 11:18 - 2013-12-04 11:18 - 00000000 ____D C:\Users\sw\Documents\Overpayment
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Outlook Files
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\My Received Files
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Music Rip
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\MC Parking
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Insurances
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Image Converter Plus
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Icon
2013-12-04 11:17 - 2013-12-04 11:17 - 00000000 ____D C:\Users\sw\Documents\Holiday 2010
2013-12-04 11:08 - 2013-12-04 11:08 - 00000000 ____D C:\Program Files (x86)\Foolish IT
2013-12-04 11:04 - 2013-12-04 11:04 - 00002148 _____ C:\Users\Public\Desktop\Seagate Manager.lnk
2013-12-04 11:04 - 2013-12-04 11:04 - 00000000 ____D C:\ProgramData\Seagate
2013-12-04 11:04 - 2013-12-04 11:04 - 00000000 ____D C:\Program Files (x86)\Seagate
2013-12-04 11:04 - 2011-08-22 16:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-04 11:03 - 2013-12-04 11:01 - 29284640 _____ (Seagate ) C:\Users\sw\Downloads\Seagate_Manager.exe
2013-12-04 11:03 - 2013-12-04 10:22 - 00000000 ____D C:\Users\sw\AppData\Local\Downloaded Installations
2013-12-04 10:59 - 2013-12-04 10:59 - 00000000 ____D C:\Users\sw\AppData\Local\Macromedia
2013-12-04 10:58 - 2013-12-04 10:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-04 10:58 - 2013-12-04 10:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-04 10:58 - 2013-12-04 10:58 - 00000000 ____D C:\Windows\System32\Macromed
2013-12-04 10:46 - 2013-12-04 10:46 - 02013672 _____ (Driver Manager) C:\Users\sw\Downloads\DriverManager.exe
2013-12-04 10:39 - 2013-12-04 10:39 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-04 10:39 - 2013-12-04 10:39 - 00000000 ____D C:\Users\sw\AppData\Roaming\Mozilla
2013-12-04 10:39 - 2013-12-04 10:39 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-04 10:39 - 2013-12-04 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-04 10:39 - 2013-12-04 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-04 10:34 - 2013-12-04 10:33 - 00000000 ____D C:\Users\sw\AppData\Local\Mobogenie
2013-12-04 10:34 - 2013-12-04 10:33 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-04 10:33 - 2013-12-04 10:33 - 00003380 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-12-04 10:33 - 2013-12-04 10:33 - 00003208 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-12-04 10:33 - 2013-12-04 10:33 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
2013-12-04 10:33 - 2013-12-04 10:33 - 00000000 ____D C:\Users\sw\AppData\Roaming\UpdaterEX
2013-12-04 10:33 - 2013-12-04 10:33 - 00000000 ____D C:\Users\sw\AppData\Local\cache
2013-12-04 10:33 - 2013-12-04 10:33 - 00000000 _____ C:\Users\sw\daemonprocess.txt
2013-12-04 10:32 - 2013-12-04 10:32 - 23288584 _____ (Mozilla) C:\Users\sw\Downloads\Firefox_Setup [1].exe
2013-12-04 10:32 - 2013-12-04 10:32 - 00000000 ____D C:\Users\sw\AppData\Local\Wajam
2013-12-04 10:31 - 2013-12-04 10:31 - 00000000 ____D C:\Users\sw\AppData\Roaming\Adobe
2013-12-04 10:31 - 2013-12-04 10:15 - 00000000 ____D C:\Users\sw\AppData\Local\Google
2013-12-04 10:22 - 2013-12-04 10:22 - 00000000 __SHD C:\Windows\ftpcache
2013-12-04 10:22 - 2013-12-04 10:22 - 00000000 ____D C:\Users\sw\AppData\Roaming\Macromedia
2013-12-04 10:17 - 2011-08-22 16:26 - 00000000 ____D C:\ProgramData\Partner
2013-12-04 10:17 - 2011-08-22 16:26 - 00000000 ____D C:\Program Files\Google
2013-12-04 10:16 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-12-04 10:14 - 2013-12-04 10:14 - 00000000 ____D C:\Users\sw\AppData\Roaming\Intel Corporation
2013-12-04 10:14 - 2013-12-04 10:12 - 00002086 _____ C:\Users\sw\Desktop\OneKey Recovery.lnk
2013-12-04 10:14 - 2013-12-04 10:12 - 00001122 _____ C:\Users\sw\Desktop\Cyberlink Power2Go.lnk
2013-12-04 10:13 - 2013-12-04 10:13 - 00000000 ____D C:\Users\sw\AppData\Local\VirtualStore
2013-12-04 10:12 - 2013-12-04 10:12 - 00000020 ___SH C:\Users\sw\ntuser.ini
2013-12-04 10:10 - 2013-12-04 10:10 - 00000000 __SHD C:\Recovery
2013-12-04 10:10 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-04 10:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Recovery
2013-12-04 10:06 - 2011-02-22 03:19 - 00000000 ____D C:\Windows\Panther
2013-12-02 07:39 - 2013-12-04 11:20 - 00027744 _____ C:\Users\sw\Documents\Outgoings August 13.xlsx
2013-11-20 07:54 - 2013-12-04 11:20 - 00262144 ____T C:\Users\sw\Documents\SW TEST.prn
2013-11-10 13:38 - 2013-12-04 11:20 - 00082657 _____ C:\Users\sw\Documents\Cris.xlsx

Some content of TEMP:
====================
C:\Users\sw\AppData\Local\Temp\8686uninstall.exe
C:\Users\sw\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\sw\AppData\Local\Temp\install_reader11_en_mssd_aaa_aih.exe
C:\Users\sw\AppData\Local\Temp\ose00000.exe
C:\Users\sw\AppData\Local\Temp\Sqlite3.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

9
Restore point made on: 2013-12-04 10:16:18
Restore point made on: 2013-12-04 10:21:57
Restore point made on: 2013-12-04 10:25:11
Restore point made on: 2013-12-04 10:27:09
Restore point made on: 2013-12-04 10:28:40
Restore point made on: 2013-12-04 11:03:48
Restore point made on: 2013-12-04 14:09:56
Restore point made on: 2013-12-04 23:38:15
Restore point made on: 2013-12-05 15:55:24

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4039.86 MB
Available physical RAM: 3427.96 MB
Total Pagefile: 4038.06 MB
Available Pagefile: 3418.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:388.4 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.58 GB) NTFS
Drive g: (S WOOLFRIES) (Removable) (Total:3.74 GB) (Free:3.7 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 44FEC2C8)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-12-04 13:23

==================== End Of Log ============================

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Thank you for your response and your offer of assistance.

You're welcome!

As an update I wish to advise that my laptop has now been reset to factory settings. I do hope this doesn't complicate matters, however the problems I have explained in my OP remain.

OK fair play, I take it you invoked either the Recovery Partition and/or used a set of Recovery Media. This de facto is a reformat and reinstallation of the Windows Operating System.

So if still the same issues, unlikely it is malware-related, though feasible... however, not seeing anything overtly malicious in the FRST log.

Next:

A few questions first as follows...

1 - Please confirm if you implemented/used the CryptoPrevent utility or not?

2 - Also confirm that you reinstalled the Kaspersky Anti-Virus or not?

3 - Is your machine actually able to boot-up into Normal Mode now or not?

Next:

Answer the above please and we will then go from there, thank you.

#5
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.